I've looked at the code in 2.7, and it does appear to take alt names into consideration. I'm fairly certain my original SNI patch did not.
What version of pound are you using? Joe > -----Original Message----- > From: Piotr Rotter [mailto:[email protected]] > Sent: Monday, December 23, 2013 7:36 AM > To: [email protected] > Subject: [Pound Mailing List] Pound + SNI + Alternative Names > > Hello, > > I use pound as SSL accelerator and I have problem with SNI. > In my configuration SNI works only with common names and ignore > alternative names. > > For example, I have configuration like that: > > ListenHTTPS > Address 0.0.0.0 > Port 443 > Cert "www.aaa.pl.crt" > Cert "www.bbb.pl.crt" > CAlist "geotrust.ca" > VerifyList "geotrust.ca" > Service > BackEnd > Address 127.0.0.1 > Port 80 > Priority 1 > End > End > End > > and certificates like: > > openssl x509 -in www.aaa.pl.crt -text -noout > CN=www.aaa.pl > X509v3 Subject Alternative Name: > DNS:www.aaa.pl, DNS:aaa.pl > > openssl x509 -in www.bbb.pl.crt -text -noout > CN=www.bbb.pl > X509v3 Subject Alternative Name: > DNS:www.bbb.pl, DNS:bbb.pl > > This configuration works fine for: > www.aaa.pl > aaa.pl > www.bbb.pl > but for bbb.pl pound offers certificate for www.aaa.pl > > Is it some bug in my configuration or pound does not support > alternative names? > > -- > To unsubscribe send an email with subject unsubscribe to > [email protected]. > Please contact [email protected] for questions.
